ET 115 Mid Term


1.
All of the following are domains of the CBK except:
A) Relational Database Security
B) Access Control Systems and Methodology
C) Law, Investigations, and Ethics
D) Security Management Practices.
Points Earned: 1.0/1.0
Correct Answer(s): A
2.
Layered security is also referred to as:
A) None of the above.
B) Multi-system security
C) Denial of service
D) Defense in depth
Points Earned: 1.0/1.0
Correct Answer(s): D
3.
Synonyms for confidentiality include all of the following except:
A) secrecy
B) integrity
C) discretion
D) privacy
Points Earned: 1.0/1.0
Correct Answer(s): B
4.
Intellectual property law includes all of the following categories except:
A) Trade secrets
B) Patent law
C) Copyright law
D) Probate administration
Points Earned: 1.0/1.0
Correct Answer(s): D
5.
Which of the following are topics of the Physical Security domain? Select all correct answers.
A) Electrical power issues and solutions
B) Backup options and technologies.
C) Physical vulnerabilities and threats
D) Physical intrusion detection system
Points Earned: 3.0/3.0
Correct Answer(s): D, A, C
6.
The BCP describes all of the following except:
A) Personnel
B) Defined policies
C) Procedures
D) Critical processes
Points Earned: 1.0/1.0
Correct Answer(s): B
7.
The Common Body of Knowledge with ____________ domains is the framework of the information security field.
A) 15
B) 11
C) 10
D) 20
E) 16
F) 6
G) 5
Points Earned: 1.0/1.0
Correct Answer(s): C
8.
Which of the following options would not be considered in a disaster recovery plan or business continuity plan?
A) Service bureaus for fast response
B) Multiple centers to spread processing across sites
C) Mobile units provided by a third party
D) New business
Points Earned: 1.0/1.0
Correct Answer(s): D
9.
The factors used to determine degree of risk include:
A) None of the above.
B) Determining the consequence of loss
C) Both of the above
D) Determining the likelihood that loss will occur
Points Earned: 1.0/1.0
Correct Answer(s): C
10.
An organization's security posture is defined and documented in ____________ that must exist before any computers are installed. Select all that are correct!
A) sales projections
B) None of the others are correct
C) guidelines
D) procedures
E) standards
Points Earned: 3.0/3.0
Correct Answer(s): E, C, D
11.
The model for a system security policy does NOT include:
A) Policy implementation
B) Operational security
C) Management structure
D) Security objectives
Points Earned: 1.0/1.0
Correct Answer(s): C
12.
The Application Development Security domain includes all of the following topics except:
A) ActiveX and Java.
B) Database security
C) Types of malware
D) Domain name service
Points Earned: 1.0/1.0
Correct Answer(s): D
13.
Which major category of computer crimes involves criminals and intelligence agents illegally obtaining classified information?
A) Joy riders
B) Financial attacks
C) Business attacks
D) Military and intelligence attacks
Points Earned: 1.0/1.0
Correct Answer(s): D
14.
The criteria used to rate the effectiveness of trusted systems is set forth in:
A) None of the others
B) TCSEC
C) CTCPEC
D) ITSEC
Points Earned: 1.0/1.0
Correct Answer(s): B
15.
Which of the following statements about Principle 4 is false?
A) In exchange for worthless goods, people tend to give up credentials.
B) It is easy to fool people into spreading viruses.
C) Today's virus writers are not very sophisticated.
D) The organizers of Infosecurity Europe 2003 found that 75% of survey respondents revealed information immediately.
Points Earned: 1.0/1.0
Correct Answer(s): C
16.
The BIA prioritizes systems for recovery and ____________ are at the top of the list.
A) Mission-required systems
B) Less critical systems
C) Nice to have systems
D) Mission-critical systems
Points Earned: 1.0/1.0
Correct Answer(s): D
17.
IS principle 5 states that security depends on these requirements:
A) Availability and integrity
B) Functional and assurance
C) Usability and interface.
D) Verification and validation
Points Earned: 1.0/1.0
Correct Answer(s): B
18.
Step-by-step directions to execute a specific security activity are referred to as a:
A) Procedure
B) Guideline
C) Standard
D) Regulation
Points Earned: 1.0/1.0
Correct Answer(s): A
19.
When defining the trusted computing base, a reference monitor should be all of the following except:
A) Verifiable and cannot be circumvented
B) Complete in that it mediates all access
C) Isolated from modification
D) Changeable by other system entities
Points Earned: 1.0/1.0
Correct Answer(s): D
20.
Which design objective prevents data leakage and modification of the data while it is in memory?
A) Data hiding
B) Abstraction
C) Layering
D) Process isolation
Points Earned: 1.0/1.0
Correct Answer(s): D
21.
A(n) ____________ policy focuses on policy issues that management decided for a specific system.
A) Programme-framework
B) Issue-specific
C) System-specific
D) Programme-level
Points Earned: 0.0/1.0
Correct Answer(s): C
22.
The type of computer crime where radio frequency signals from wireless computers are intercepted is:
A) Spoofing IP addresses
B) Dumpster diving
C) Emanation eavesdropping
D) Social engineering
Points Earned: 1.0/1.0
Correct Answer(s): C
23.
The Cryptography domain includes all of the following topics except:
A) Block and stream ciphers
B) IPSec, SSL, and PGP
C) Public key infrastructure components.
D) TCP/IP suite
Points Earned: 1.0/1.0
Correct Answer(s): D
24.
Electronic crime includes identity theft, forgery, and pirated bank accounts.
A) True
B) False
Points Earned: 1.0/1.0
Correct Answer(s): A
25.
Avoid phishing, ID theft, and monetary loss by taking all of the following steps except:
A) Recognize the signs of fraud
B) Follow advice of financial services provider
C) Not keeping virus software current
D) Ignore links embedded in e-mail messages
Points Earned: 1.0/1.0
Correct Answer(s): C
26.
Which of the following uses a specific OS and lacks a standard interface to connect to other systems?
A) Open system
B) Closed system
C) Finite-state machine
D) None of the above
Points Earned: 1.0/1.0
Correct Answer(s): B
27.
Operational procedures and tools familiar to IT specialists are covered in the Master Security domain.
A) True
B) False
Points Earned: 1.0/1.0
Correct Answer(s): B
28.
Security professionals' activities include all of the following except:
A) Eradicating the problem
B) Naming the virus
C) Repairing the damage
D) Finding the source of the problem
Points Earned: 1.0/1.0
Correct Answer(s): B
29.
Which of the following is used to extract identifying information from a naive or gullible user?
A) Phishing
B) None of the above
C) Cyberstalking
D) Both of the above
Points Earned: 1.0/1.0
Correct Answer(s): A
30.
Which of the following is NOT considered a common position or career opportunity in information security?
A) Security consultant
B) Governance manager
C) Information librarian
D) Compliance officers
Points Earned: 1.0/1.0
Correct Answer(s): C
31.
Functional requirements and assurance requirements answer which of the following questions?
A) Does the system do the right things?
B) Does the system do the right things in the right way?
C) Both of the above
D) None of the above
Points Earned: 1.0/1.0
Correct Answer(s): C
32.
____________ is needed by businesses and agencies to determine how much security is needed for appropriate protection.
A) Risk analysis and management
B) Education, awareness, and training
C) Separation of duties
D) Asset and data classification
Points Earned: 0.0/1.0
Correct Answer(s): D
33.
____________ assure that outsourced functions are operating within security policies and standards.
A) Access coordinators
B) Vendor managers
C) Security testers
D) Security administrator
Points Earned: 1.0/1.0
Correct Answer(s): B
34.
Given enough time, tools, inclination, and ____________, a hacker can break through any security measure.
A) skills
B) talent
C) intelligence
D) assets
Points Earned: 1.0/1.0
Correct Answer(s): A
35.
Which ITSEC assurance class includes a formal specification of security enforcing functions and architectural design?
A) E6
B) E3
C) E5
D) E4
Points Earned: 1.0/1.0
Correct Answer(s): A
36.
Which of the following is NOT a calculation used for quantitative risk analysis?
A) Standard deviation
B) Vulnerability
C) ALE
D) Probability
Points Earned: 1.0/1.0
Correct Answer(s): A
37.
Which of the following questions is NOT used to determine the hierarchy of the rings of trust?
A) Is the host in a physically secured room?
B) Does the host use software with data from the Internet?
C) Does the host have normal user accounts?
D) Will users rely on flash drives?
Points Earned: 1.0/1.0
Correct Answer(s): D
38.
"Thou shalt not use a computer to bear false witness" is an ethics statement included in whose standard?
A) Internet Activities Board's Ethics and the Internet
B) Code of Fair Information Practices
C) ISC2 Code of Ethics
D) Computer Ethics Institute
Points Earned: 1.0/1.0
Correct Answer(s): D
39.
Networking professionals who create a plan to protect a computer system consider all of the following in the planning process except:
A) Defining the structural composition of data
B) Protecting the confidentiality of data
C) Preserving the integrity of data
D) Promoting the availability of data for authorized use
Points Earned: 1.0/1.0
Correct Answer(s): A
40.
A(n) ____________ policy might prescribe the need for information security and may delegate the creation and management of the program.
A) System-specific
B) Programme-level
C) Programme-framework
D) Issue-specific
Points Earned: 0.0/1.0
Correct Answer(s): B
41.
Under the Trusted Computer Security Evaluation Criteria, what classification is reserved for protecting objects from unauthorized subjects through the assignment of privilege?
A) Division B
B) Division A
C) Division D
D) Division C
Points Earned: 1.0/1.0
Correct Answer(s): D
42.
The Security Management Practices domain highlights the importance of a comprehensive security plan.
A) False
B) True
Points Earned: 1.0/1.0
Correct Answer(s): B
43.
Information security is primarily a discipline to manage the behavior of:
A) Buildings and Grounds
B) Processes and Procedures
C) Organizations and People
D) Technology and Equipment
Points Earned: 1.0/1.0
Correct Answer(s): C
44.
Topics within the umbrella of information security include all of the following except:
A) Security testing
B) Key management
C) Electronic forensics
D) Incident response
Points Earned: 1.0/1.0
Correct Answer(s): C
45.
In disaster recovery planning, a(n) ____________ site provides power, air conditioning, heat, as well as other environmental systems but does not provide hardware or software.
A) Shared
B) Warm
C) Cold
D) Hot
Points Earned: 1.0/1.0
Correct Answer(s): C
46.
The type of computer crime where attacks are made on a country's computer network for economic or military gain is:
A) Rogue code
B) Emanation eavesdropping
C) Embezzlement
D) Information warfare
Points Earned: 1.0/1.0
Correct Answer(s): D
47.
The supporting documents derived from policy statements include which of the following? Select all correct answers.
A) Guidelines
B) Regulations
C) Procedural maps
D) Standards and baselines
Points Earned: 3.0/3.0
Correct Answer(s): B, D, A
48.
The growing demand for InfoSec specialists is occurring predominantly in what types of organizations? Select all correct answers.
A) Government
B) Corporations
C) Not-for-profit foundations
Points Earned: 3.0/3.0
Correct Answer(s): A, B, C
49.
Automated methods of enforcing or supporting security policy would NOT include:
A) Prevent booting from a floppy disk
B) Intrusion detection software
C) Block file save to all but hard disk
D) Blocking telephone systems users from calling some numbers
Points Earned: 1.0/1.0
Correct Answer(s): C
50.
All of the following are used to ensure a high standard of security except:
A) Industry standards
B) Certificates
C) Ethics
D) College degrees
Points Earned: 1.0/1.0
Correct Answer(s): D
51.
More dangerous than not addressing security is obscuring security because it leads to a:
A) Reduced level of security
B) Complete breakdown of security.
C) Higher level of security
D) False sense of security
Points Earned: 1.0/1.0
Correct Answer(s): D
52.
Which of the following is NOT typically a goal of the disaster recovery plan?
A) Keeping computers running
B) Meeting service-level agreements with customers.
C) Leasing new computers
D) Being proactive
Points Earned: 1.0/1.0
Correct Answer(s): C
53.
The three objectives of Network Security are:
A) Safety, access control, and secrecy
B) Confidentiality, integrity, and availability
C) Resilience, privacy, and safety
D) Confidentiality, secrecy, and privacy
E) Safety, access control, and privacy
F) Resilience, privacy, and availability
Points Earned: 1.0/1.0
Correct Answer(s): B
54.
Which of the following computer incidents/crimes/attacks resulted in the largest dollar loss according to the 2004 Computer Crime and Security Survey?
A) Sabotage
B) Telecom fraud
C) Insider net abuse
D) Virus
Points Earned: 1.0/1.0
Correct Answer(s): D
55.
After undergoing formal testing and validation, a trusted system can meet users' requirements for all of the following except:
A) Security
B) Speed
C) Reliability
D) Effectiveness
Points Earned: 1.0/1.0
Correct Answer(s): B
56.
____________ policy speaks to specific issues of concern to the organization.
A) Programme-level
B) System-specific
C) Programme-framework
D) Issue-specific
Points Earned: 1.0/1.0
Correct Answer(s): D
57.
____________ percent of businesses that did not have a recovery plan went bankrupt within one year of a major data loss.
A) 70
B) 30
C) 60
D) 20
E) 35
F) 40
G) 80
Points Earned: 1.0/1.0
Correct Answer(s): G
58.
Which of the following actions may be required after a high risk rating is determined?
A) Management responsibility must be specified
B) Manage by routine procedures
C) Immediate action required
D) Senior management attention needed
Points Earned: 1.0/1.0
Correct Answer(s): D
59.
Which major category of computer crime usually involves illegal access of proprietary information?
A) Business attacks
B) Military and intelligence attacks
C) Financial attacks
D) Terrorist attacks
Points Earned: 1.0/1.0
Correct Answer(s): A
60.
Which of the following statements about operational security documentation are true? Select all correct answers.
A) Less formal policy may be written in memos
B) Formal policy is published as a distinct policy document
C) Informal policy may not be written at all
D) Uncommon policies are included in informal policy
Points Earned: 2.0/3.0
Correct Answer(s): B, A, C
61.
A compilation of all security information collected internationally and relevant to information security professionals is the Orange Book.
A) False
B) True
Points Earned: 1.0/1.0
Correct Answer(s): A
62.
Which of the following statements about the CC is NOT true?
A) CC provides a common language for security requirements
B) Users and developers of IT security products create protection profiles
C) Users and developers defining security requirements ignore environmental threats
D) CC breaks functional and assurance requirements into distinct elements
Points Earned: 1.0/1.0
Correct Answer(s): C
63.
Which of the following are reasons to plan for emergencies? Select all correct answers.
A) Save time and money
B) Protect lives
C) Maximize disruptions
D) Reduce stress
Points Earned: 3.0/3.0
Correct Answer(s): A, D, B
64.
Disaster recovery planning includes all of the following except:
A) Data entry users
B) IT systems and applications
C) Networks supporting the IT infrastructure
D) Application data
Points Earned: 1.0/1.0
Correct Answer(s): A
65.
Which of the following is NOT a step in the creation of a BCP?
A) Identify the scope
B) Create the BIA
C) Implement the plan
D) Purchase the resources
Points Earned: 1.0/1.0
Correct Answer(s): D
66.
Virus outbreaks and long passwords prevent users from accessing the systems they need in order to perform their jobs.
A) True
B) False
Points Earned: 1.0/1.0
Correct Answer(s): B
67.
An effective security policy contains which of the following information? Select all correct answers.
A) Reference to other policies
B) Measurement expectations
C) Compliance management and measurements description
D) Smart Card Requirements
Points Earned: 3.0/3.0
Correct Answer(s): A, B, C
68.
Which of the following is NOT one of the International Safe Harbor Principles?
A) Access in order to correct, modify, or delete information
B) Security to prevent data loss, misuse, disclosure, or alteration
C) Consent over what information may be collected
D) Enforcement of privacy
Points Earned: 1.0/1.0
Correct Answer(s): C
69.
In the standards taxonomy, _____________ suggests that no single person is responsible for approving his own work.
A) Education, awareness, and training
B) Separation of duties
C) Risk analysis and management
D) Asset and data classification
Points Earned: 1.0/1.0
Correct Answer(s): B
70.
All of the following are natural events capable of disrupting a business except:
A) Floods
B) Mudslides
C) Work stoppages
D) Hurricanes
Points Earned: 1.0/1.0
Correct Answer(s): C